问题:
解决tcpdump -w 的写缓存不实时写文件的问题解决
解决方式: --待测试
tcpdump -w file直接写文件,而不适用操作系统写缓存方式
--packet-buffered
If the -w option is not specified, make the printed packet out‐
put ``packet-buffered''; i.e., as the description of the con‐
tents of each packet is printed, it will be written to the stan‐
dard output, rather than, when not writing to a terminal, being
written only when the output buffer fills.
If the -w option is specified, make the saved raw packet output
``packet-buffered''; i.e., as each packet is saved, it will be
written to the output file, rather than being written only when
the output buffer fills.
The -U flag will not be supported if tcpdump was built with an
older version of libpcap that lacks the pcap_dump_flush() func‐
tion.
-U packet-bufferd,每个包收到就存到-w filename指定的文件,而不是等输出缓冲区满。老版本libpcap缺少(pcap_dump_flush())函数的不支持。
回复删除https://gowa.club/TCP-IP/tcpdump%E7%9A%84%E4%BD%BF%E7%94%A8-%E8%BF%87%E6%BB%A4%E8%A1%A8%E8%BE%BE%E5%BC%8F.html